const fs = require('fs');
const path = require('path');
const express = require('express');
const bodyParser = require('body-parser');
const mysql = require('mysql2');
const app = express();

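// Single shared MySQL connection used by the /login route below.
// DB_PASSWORD from the environment takes precedence; the literal is kept only so
// the existing local setup keeps working — a credential should not live in
// source control.
const dbPassword = process.env.DB_PASSWORD !== undefined ? process.env.DB_PASSWORD : '1973233851';
const connection = mysql.createConnection({
    host: 'localhost',
    user: 'root',
    password: dbPassword,
    database: 'blog',
});
connection.connect(function (err) {
    // Fail loudly at startup instead of serving requests against a connection
    // that never came up.
    if (err) throw err;
});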

// Form page — what it submits may be malicious input
// Handling the submitted form
// Route middleware

// Register middleware so that, by the time POST /login runs, the form body has already been parsed for us
// Body parsers run ahead of every route: URL-encoded form posts and JSON
// bodies both end up on req.body.
const formParser = bodyParser.urlencoded({ extended: false });
const jsonParser = bodyParser.json();
app.use(formParser);
app.use(jsonParser);

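// GET /form — serves the static login form.
app.get('/form', function (req, res) {
    // Resolve the page relative to this file rather than the process's working
    // directory, so it is found regardless of where node was started from.
    const formPath = path.join(__dirname, 'form.html');
    // Asynchronous read: a synchronous read would block the event loop for
    // every request.
    fs.readFile(formPath, { encoding: 'utf8' }, function (err, html) {
        if (err) {
            console.error('could not read form.html:', err);
            res.status(500).send('form unavailable');
            return;
        }
        res.send(html);
    });
});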

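// POST /login — looks up the submitted username/password pair in `user`.
app.post('/login', function (req, res) {
    // req.body is populated by the body parsers registered above; guard the
    // destructuring in case no parser matched the request.
    const { username, password } = req.body || {};
    // Both values must be plain strings: a repeated form field arrives as an
    // array, which a placeholder would expand into a list and break the query.
    if (typeof username !== 'string' || typeof password !== 'string') {
        res.status(400).send('username and password are required');
        return;
    }
    // Parameterized query: the driver escapes each value in place of its `?`.
    // The previous form wrapped connection.escape() output — which is already
    // quoted — in a second pair of quotes, producing invalid SQL. The query and
    // its values are deliberately not logged, since they contain a credential.
    const sql = 'SELECT * FROM user WHERE username = ? AND password = ?';
    connection.query(sql, [username, password], function (err, results) {
        if (err) {
            // Log server-side only; the error text may reveal schema details.
            console.error('login query failed:', err);
            res.status(500).send('login failed');
            return;
        }
        // NOTE(review): the response is the raw matching rows, i.e. every column
        // of `user` including the password column; the query also appears to
        // compare the password in plaintext — confirm against the schema and
        // narrow the response before exposing this beyond a demo.
        res.send(results);
    });
});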

// Start serving; the port is fixed for this demo.
const port = 8000;
app.listen(port);